This invention concerns a method for securely inputting an access code to an input interface of a mobile end device.
Most mobile end devices such as mobile telephones, smartphones and the like are access-protected by an individual access code, the PIN (personal identification number). The end device becomes usable only after the access code has been correctly input on an input interface of the end device. The input interface can be, for example, a keyboard implemented in hardware (keypad) or alternatively a touch-sensitive display (touchscreen) of the end device, in particular a keyboard displayable on the display of the end device (touchpad).
Smartphones in particular have a number of different sensors that sense data by exploiting physical effects and supply it to applications runnable on the smartphone. For example, most smartphones have motion sensors which can capture motions of the smartphone in space. The captured motions can serve for example as input to a computer game, e.g. in the form of steering motions for an automobile or of an imaginary athlete's motions in a sport. With some end devices, shaking the end device can trigger certain actions in the file management, e.g. loading of another file, or the like. Most end devices have as a further sensor a digital camera which can acquire static images and films.
In EP 2 136 536 A1 it is proposed to utilize an acceleration sensor of a mobile end device in order to put the mobile end device into an operating state that matches motions of the user.
When inputting the access code, the user of an end device performs motions of his hands and in particular fingers that reflect the access to the keyboard keys corresponding to the individual digits of the access code. FIG. 2 shows an example of a conventional numeric block of a keyboard as can be provided on a mobile end device. The digit three (“3”) is disposed in the upper right corner. When the user actuates the key three, he presses on the top right of the telephone, in contrast to the actuation of other keys. An end device like that shown in FIG. 1 could have four motion sensors, namely, one at the top right, top left, bottom right and bottom left. When the key three disposed at the top right is actuated upon PIN input, the motion sensor disposed at the top right could show its strongest reaction compared with the actuation of other keys, since the key three is located nearest to the acceleration sensor at the top right. Upon actuation of the key three, a camera of the end device could recognize the user's finger or eyes in a position at the top right, or in a motion toward the key three. A microphone could also respond differently depending on the actuated key on the keyboard, as could uninvolved contactless interfaces such as NFC or Bluetooth, or a GPS system. Sensors thus form potential side channels via which an access code such as a PIN might be spied out.
In principle, sensors, such as acceleration sensors, in end devices work in such a way that a sensor variable, e.g. the acceleration of the end device relative to the reference system (i.e. relative to the outside world), is captured by the sensor and the captured acceleration is relayed to a microprocessor of the end device. The microprocessor processes the captured sensor data and can feed them to software of the end device, e.g. to a computer game or a file management, an application at the application level, or a driver at the hardware level which might e.g. switch the end device to the standby mode.
DE 102 31 870 B4 describes a method for securely inputting a PIN to a mobile end device wherein, while a user carries out a PIN input, sensor variables of sensors of the mobile end device are captured, the captured sensor variables are compared with prestored user-specific reference sensor variables, and the PIN is accepted only in case of a match between captured and reference sensor variables.
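The acceptance rule described for DE 102 31 870 B4 (PIN accepted only if the sensor variables captured during input match the user's stored reference) can be sketched as follows. This is an added example, not code from the cited document or from this application; the per-keystroke features, the deviation metric, the tolerance and all names are assumptions.

```python
import hashlib
import hmac
import math

TOLERANCE = 0.25  # assumed: maximum mean relative deviation from the reference

def pin_digest(pin: str, salt: bytes) -> bytes:
    """Salted PBKDF2 digest, so the enrolment record never holds the PIN itself."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

def sensor_deviation(captured, reference) -> float:
    """Mean relative deviation; one tuple of sensor variables per keystroke."""
    if len(captured) != len(reference):
        return math.inf  # a different number of keystrokes can never match
    total, count = 0.0, 0
    for cap, ref in zip(captured, reference):
        if len(cap) != len(ref):
            return math.inf
        for c, r in zip(cap, ref):
            total += abs(c - r) / max(abs(r), 1e-9)
            count += 1
    return total / count if count else math.inf

def accept_pin(pin: str, captured, enrolled) -> bool:
    """Accept only if both the PIN and the captured sensor variables match."""
    digest = pin_digest(pin, enrolled["salt"])
    pin_ok = hmac.compare_digest(digest, enrolled["digest"])
    sensors_ok = sensor_deviation(captured, enrolled["reference"]) <= TOLERANCE
    # Both checks are always evaluated; the caller only sees the combined result.
    return pin_ok and sensors_ok

# Constructed data: (peak acceleration in m/s^2, seconds since previous event)
# for each of the four keystrokes. Values are illustrative, not measurements.
SALT = b"constructed-salt"
ENROLLED = {
    "salt": SALT,
    "digest": pin_digest("4711", SALT),
    "reference": [(1.8, 0.90), (2.1, 0.42), (1.6, 0.38), (1.7, 0.35)],
}
OWNER = [(1.9, 0.85), (2.0, 0.45), (1.5, 0.40), (1.8, 0.33)]  # close to reference
OTHER = [(3.2, 0.30), (3.5, 0.15), (3.0, 0.16), (3.4, 0.14)]  # harder, faster input
```

With this rule a correct PIN entered with the input pattern in `OTHER` is rejected, while the same PIN with the pattern in `OWNER` is accepted.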
In principle, secure execution (or runtime) architectures are known, in particular two-tier execution (or runtime) architectures such as that from the company ARM (TrustZone architecture), having a normal execution environment and a trusted execution environment. In the trusted execution environment, security applications and security drivers (e.g. for peripheral devices such as a keyboard) are implemented under the management of a secure operating system.